Earlier today the Exchange CXP team released an updated version of Update Rollup 4 for Exchange Server 2010 SP1 to the Download Center. This updated release is being made available after a comple...
Updated Jul 01, 2019
Version 2.0
Blog Post
@Jirka.B & @Simon - if you apply the update through Windows Update, the process of applying the update with Forefront still enabled will leave your Transport service in a non-running state if the update doesn't require the server to reboot (I don't think Exchange RUs do, but just making that statement.
So if you have automatic updates turned on, you will find one day that your Exchange Hub Transport servers are not sending or receiving email because they recently automatically applied an Exchange RU through Windows Update. You can choose to either start the Transport service or reboot the server (which essentially does the same thing)
As to why they don't build in support for it, while I agree it is frustrating, the Exchange team and Forefront team are two separate teams in Microsoft that don't directly work together on an everyday basis. If you think about it, its no different than any other antivirus vendor, in that Microsoft doesn't build in support for those products being installed on top of Exchange, and whatever wacky requirements they have for applying Exchange Service Packs or RUs. Again I agree it's frustrating, but there is a logical explanaition.